The Compliance Program That Sees One Country Misses the Network

Most companies assessing financial crime risk in the Caribbean Basin and northern South America start with the wrong question. They ask: what are the risks in this country? The more revealing question is who else does this counterparty do business with, and where do those relationships lead?

Financial crime in this region does not respect borders. Individuals involved in illicit activity operate across the Caribbean Basin simultaneously, holding companies in one jurisdiction, agents in another, banking relationships in a third. A compliance program built around a single country sees only a slice of that picture. The slice it cannot see is often where the risk lives.

CFATF has identified Guyana as a jurisdiction with strategic AML/CFT deficiencies posing a risk to the international financial system, calling for counter-measures and referring Guyana to FATF. Guyana is one of the fastest-growing economies in the Western Hemisphere due to offshore oil discoveries. Capital is flowing into a jurisdiction with documented AML deficiencies. For any company with Guyanese counterparties, agents, or operations, that referral is not background noise. It is a direct regulatory signal.

The cartel FTO designations of February 2025 compound this. Eight Latin American cartels are now designated Foreign Terrorist Organizations and Specially Designated Global Terrorists. This is not only a sanctions matter. Under the material support statute, providing financial services or other resources to a designated cartel, even through willful blindness, may constitute a federal crime. Many AML and FCPA frameworks were not built to detect this exposure. A counterparty clean in your last review may have documented cartel connections today. Point-in-time screening does not close this gap.

In my experience working across these markets, the challenge is not framework design. It is data. The information needed to map cross-border relationships, trace beneficial ownership, and monitor counterparty networks in real time often does not exist in structured form. Building a compliance program around what can be seen in a database gives a false sense of coverage in markets where the most significant risks are those that are hardest to document.

Most compliance programs in these markets were designed to answer the wrong question. They tell you what the risks look like in the country where the counterparty is incorporated. They do not tell you where that counterparty’s money goes, who controls the entities behind it, or which regional networks it is connected to. Those are the questions worth asking before you have a problem, not after.